Vulnerabilites related to wago - 758-870
Vulnerability from fkie_nvd
Published
2017-08-22 18:29
Modified
2024-11-21 02:35
Severity ?
Summary
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-849_firmware | 01.01.27 | |
| wago | 750-849_firmware | 01.02.05 | |
| wago | 750-849 | - | |
| wago | 750-881_firmware | 01.01.27 | |
| wago | 750-881_firmware | 01.02.05 | |
| wago | 750-881 | - | |
| wago | 758-870_firmware | 01.01.27 | |
| wago | 758-870_firmware | 01.02.05 | |
| wago | 758-870 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFA37F5-4A26-4590-BCC5-4FAE55FE7D3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A311D5FA-24F5-4BC6-9F66-3FA5E804BE4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*",
"matchCriteriaId": "408CF00F-D4F8-493C-B3F8-889E63E8EE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "826896CE-D379-4D02-891B-1323ECBF49FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:750-881_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "072F7993-F0AE-4A99-B04C-98BD09949F41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FE51647-62C1-4D3C-91FA-13ACA6CD71D2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA0F552-D624-4B6C-B09D-0E7BD948356A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0A993A3C-784A-4E0E-AD96-C0D46B63AFD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:758-870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF59E5C-927A-4499-82C3-49E047C39B9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
},
{
"lang": "es",
"value": "WAGO IO 750-849 01.01.27 y 01.02.05, WAGO IO 750-881, y WAGO IO 758-870 tienen una gesti\u00f3n de credenciales d\u00e9bil."
}
],
"id": "CVE-2015-6472",
"lastModified": "2024-11-21T02:35:02.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-22T18:29:00.233",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-22 18:29
Modified
2024-11-21 02:35
Severity ?
Summary
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2016/Mar/4 | Exploit, Mailing List, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/84138 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wago | 750-849_firmware | 01.01.27 | |
| wago | 750-849 | - | |
| wago | 758-870_firmware | 01.01.27 | |
| wago | 758-870_firmware | 01.02.05 | |
| wago | 758-870 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:750-849_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "BEFA37F5-4A26-4590-BCC5-4FAE55FE7D3B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:750-849:-:*:*:*:*:*:*:*",
"matchCriteriaId": "408CF00F-D4F8-493C-B3F8-889E63E8EE9C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.01.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA0F552-D624-4B6C-B09D-0E7BD948356A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:wago:758-870_firmware:01.02.05:*:*:*:*:*:*:*",
"matchCriteriaId": "0A993A3C-784A-4E0E-AD96-C0D46B63AFD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:wago:758-870:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF59E5C-927A-4499-82C3-49E047C39B9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
},
{
"lang": "es",
"value": "WAGO IO 750-849 01.01.27 y WAGO IO 750-881 01.02.05 no contienen separaci\u00f3n de privilegios."
}
],
"id": "CVE-2015-6473",
"lastModified": "2024-11-21T02:35:02.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-22T18:29:00.263",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/84138"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201708-0126
Vulnerability from variot
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-881",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i/o plc 750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 750-881",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 758-870",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "758-870"
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-881",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 881",
"version": "01.02.05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.02.05"
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-881_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_758-870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"cve": "CVE-2015-6472",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6472",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-84433",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6472",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6472",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-6472",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-84433",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. WAGO IO 750-849 , WAGO IO 750-881 ,and WAGO IO 758-870 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. An attacker could use the default certificate to exploit this vulnerability to gain unauthorized administrator access to the system",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6472"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-84433",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6472",
"trust": 3.3
},
{
"db": "PACKETSTORM",
"id": "136077",
"trust": 2.5
},
{
"db": "BID",
"id": "84138",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05504",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754",
"trust": 0.8
},
{
"db": "IVD",
"id": "0F92EA1A-46D5-4C59-97AA-B0A9D0C1169F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84433",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"id": "VAR-201708-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
}
],
"trust": 1.6970521357142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
}
]
},
"last_update_date": "2024-11-23T22:38:27.141000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO IO PLC has multiple vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79416"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/84138"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2016/mar/4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6472"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6472"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"db": "VULHUB",
"id": "VHN-84433"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "IVD",
"id": "0f92ea1a-46d5-4c59-97aa-b0a9d0c1169f"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2017-08-22T18:29:00.233000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05504"
},
{
"date": "2021-07-09T00:00:00",
"db": "VULHUB",
"id": "VHN-84433"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007754"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-390"
},
{
"date": "2024-11-21T02:35:02.157000",
"db": "NVD",
"id": "CVE-2015-6472"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WAGO IO Vulnerabilities related to certificate and password management in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007754"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-390"
}
],
"trust": 0.6
}
}
var-201708-0127
Vulnerability from variot
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. WAGO IO 750-849 and WAGO IO 750-881 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. A security vulnerability exists in WAGO IO 750-849 version 01.01.27 and WAGO IO 750-881 version 01.02.05. An attacker could use the default account to exploit this vulnerability to control and change the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "758-870",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "750-849",
"scope": "eq",
"trust": 1.0,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i/o plc 750-849",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "i/o plc 750-881",
"scope": null,
"trust": 0.8,
"vendor": "wago",
"version": null
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "758-870"
},
{
"model": "io plc",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "750-849"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": "i\\/o plc 758-870",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.02.05"
},
{
"model": "i\\/o plc 750-849",
"scope": "eq",
"trust": 0.6,
"vendor": "wago",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 750 849",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.01.27"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wago i o plc 758 870",
"version": "01.02.05"
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-849_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:wago:wago_i%2Fo_plc_750-881_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
},
"cve": "CVE-2015-6473",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6473",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-05505",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "af646046-1130-4e49-a25e-dd43e2c49f38",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-84434",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6473",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6473",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2015-6473",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-05505",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-391",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-84434",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-6473",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. WAGO IO 750-849 and WAGO IO 750-881 Contains vulnerabilities related to security features.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WAGO IO PLCs 758-870 and 750-849 are bus editable logic controller modules from WAGO, Germany. There are security bypass vulnerabilities and privilege escalation vulnerabilities in WAGO IO PLC 758-870 and 750-849 versions that allow attackers to execute arbitrary code, bypass security restrictions, and perform unauthorized operations. A security vulnerability exists in WAGO IO 750-849 version 01.01.27 and WAGO IO 750-881 version 01.02.05. An attacker could use the default account to exploit this vulnerability to control and change the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6473",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "136077",
"trust": 2.6
},
{
"db": "BID",
"id": "84138",
"trust": 2.4
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2016-05505",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755",
"trust": 0.8
},
{
"db": "IVD",
"id": "AF646046-1130-4E49-A25E-DD43E2C49F38",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-84434",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-6473",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"id": "VAR-201708-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
}
],
"trust": 1.6970521357142858
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
}
]
},
"last_update_date": "2024-11-23T22:38:27.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://global.wago.com/jp/"
},
{
"title": "WAGO IO PLC has multiple bugs (CNVD-2016-05505) patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79415"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://packetstormsecurity.com/files/136077/wago-io-plc-758-870-750-849-credential-management-privilege-separation.html"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/84138"
},
{
"trust": 1.8,
"url": "http://seclists.org/fulldisclosure/2016/mar/4"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6473"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6473"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/254.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"db": "VULHUB",
"id": "VHN-84434"
},
{
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "IVD",
"id": "af646046-1130-4e49-a25e-dd43e2c49f38"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-84434"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"date": "2016-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"date": "2017-08-22T18:29:00.263000",
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05505"
},
{
"date": "2017-08-26T00:00:00",
"db": "VULHUB",
"id": "VHN-84434"
},
{
"date": "2017-08-26T00:00:00",
"db": "VULMON",
"id": "CVE-2015-6473"
},
{
"date": "2017-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007755"
},
{
"date": "2021-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-391"
},
{
"date": "2024-11-21T02:35:02.297000",
"db": "NVD",
"id": "CVE-2015-6473"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WAGO IO 750-849 and WAGO IO 750-881 Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-391"
}
],
"trust": 0.6
}
}
cve-2015-6473
Vulnerability from cvelistv5
Published
2017-08-22 18:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Mar/4 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/84138 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-22T19:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84138"
},
{
"name": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6473",
"datePublished": "2017-08-22T18:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6472
Vulnerability from cvelistv5
Published
2017-08-22 18:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/fulldisclosure/2016/Mar/4 | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/84138 | vdb-entry, x_refsource_BID | |
| http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:21.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-22T17:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/84138"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-6472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160303 WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Mar/4"
},
{
"name": "84138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/84138"
},
{
"name": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/136077/WAGO-IO-PLC-758-870-750-849-Credential-Management-Privilege-Separation.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-6472",
"datePublished": "2017-08-22T18:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:21.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}